svn rev #21604: branches/mskrb-integ/src/lib/gssapi/krb5/
lhoward@MIT.EDU
lhoward at MIT.EDU
Fri Dec 26 18:54:51 EST 2008
http://src.mit.edu/fisheye/changelog/krb5/?cs=21604
Commit By: lhoward
Log Message:
Add support for ENCTYPE_ARCFOUR_HMAC_EXP
Changed Files:
U branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c
U branches/mskrb-integ/src/lib/gssapi/krb5/k5unsealiov.c
U branches/mskrb-integ/src/lib/gssapi/krb5/util_crypt.c
U branches/mskrb-integ/src/lib/gssapi/krb5/util_seqnum.c
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c 2008-12-26 23:00:28 UTC (rev 21603)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/k5unseal.c 2008-12-26 23:54:50 UTC (rev 21604)
@@ -171,7 +171,7 @@
*minor_status = ENOMEM;
return(GSS_S_FAILURE);
}
- if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) {
+ if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
unsigned char bigend_seqnum[4];
krb5_keyblock *enc_key;
int i;
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/k5unsealiov.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/k5unsealiov.c 2008-12-26 23:00:28 UTC (rev 21603)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/k5unsealiov.c 2008-12-26 23:54:50 UTC (rev 21604)
@@ -146,7 +146,7 @@
/* decode the message, if SEAL */
if (toktype == KG_TOK_WRAP_MSG) {
if (sealalg != 0xFFFF) {
- if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) {
+ if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) {
unsigned char bigend_seqnum[4];
krb5_keyblock *enc_key;
size_t i;
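Review bot: The outer test branches on the local `sealalg` while the new inner test reads `ctx->sealalg`, and nothing in the hunk shows the two being compared. Reading the negotiated context value is the safer source, since the token field is presumably peer-supplied, but the reader has to trust a check that is not visible here. If an earlier check outside the hunk rejects a token whose algorithm differs from the context's, say so with `/* token sealalg was verified against ctx->sealalg above */`; if there is none, one should be added before this branch. The same substitution is made in k5unseal.c at -171, and the enclosing function starts and ends outside the hunk.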
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/util_crypt.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/util_crypt.c 2008-12-26 23:00:28 UTC (rev 21603)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/util_crypt.c 2008-12-26 23:54:50 UTC (rev 21604)
@@ -112,6 +112,7 @@
ctx->sealalg = SEAL_ALG_DES3KD;
break;
case ENCTYPE_ARCFOUR_HMAC:
+ case ENCTYPE_ARCFOUR_HMAC_EXP:
ctx->signalg = SGN_ALG_HMAC_MD5;
ctx->cksum_size = 8;
ctx->sealalg = SEAL_ALG_MICROSOFT_RC4;
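Review bot: The added `case ENCTYPE_ARCFOUR_HMAC_EXP:` has no comment saying this is the export-strength RC4 variant, whose usage key the later hunks in this file derive with the `fortybits` label and then overwrite 9 bytes of with a constant. A reader of this switch should learn that here, for example `/* export-grade RC4: deliberately weakened key, interoperability only */` above the new label. Nothing visible in the hunk limits when a context may end up with this enctype, so confirm that the caller only reaches this switch with enctypes the local policy permits. The switch starts and ends outside the hunk.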
@@ -143,7 +144,8 @@
krb5_error_code code;
size_t blocksize;
/* We special case rc4*/
- if (key->enctype == ENCTYPE_ARCFOUR_HMAC)
+ if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
return 8;
code = krb5_c_block_size(context, key->enctype, &blocksize);
if (code)
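Review bot: The pair `key->enctype == ENCTYPE_ARCFOUR_HMAC || key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP` is written out here, again in the next hunk (-163), and in all three util_seqnum.c hunks, so any later change to the set of RC4 enctypes has to be made in five places. A single predicate in the shared header, for example `#define KG_ENCTYPE_IS_ARCFOUR(e) ((e) == ENCTYPE_ARCFOUR_HMAC || (e) == ENCTYPE_ARCFOUR_HMAC_EXP)`, would keep the sites in step; the name is only a suggestion. The `/* We special case rc4*/` comment could then state why the block size is fixed at 8 for both. The function body begins and ends outside the hunk.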
@@ -163,7 +165,8 @@
krb5_data lrandom;
/* We special case rc4*/
- if (key->enctype == ENCTYPE_ARCFOUR_HMAC) {
+ if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
blocksize = 8;
} else {
code = krb5_c_block_size(context, key->enctype, &blocksize);
@@ -264,6 +267,8 @@
return code;
}
+const char const kg_arcfour_l40[] = "fortybits";
+
krb5_error_code
kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
const unsigned char *kd_data, size_t kd_data_len,
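Review bot: `const char const kg_arcfour_l40[]` repeats the `const` qualifier and gives the array external linkage. The duplicate qualifier is a constraint violation in C89 and draws a warning from some newer compilers, and the symbol is exported from the library although the diff only shows this file using it. If no other file needs it, `static const char kg_arcfour_l40[] = "fortybits";` says what is meant. A comment such as `/* 10 bytes: the terminating NUL is part of the label */` would also help, since both callers copy `sizeof(kg_arcfour_l40)` bytes into the HMAC input.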
@@ -274,7 +279,9 @@
krb5_data input, output;
krb5int_access kaccess;
krb5_keyblock seq_enc_key, usage_key;
- unsigned char t[4];
+ unsigned char t[14];
+ size_t i = 0;
+ int exportable = (longterm_key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP);
usage_key.length = longterm_key->length;
usage_key.contents = malloc(usage_key.length);
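Review bot: `unsigned char t[14]` is sized by hand as the 10-byte label plus 4 usage bytes, while the copy into it in the next hunk is sized by `sizeof(kg_arcfour_l40)`. If the label string is ever edited, the `memcpy` and the following `t[i++]` stores overrun this stack buffer with no compiler diagnostic. Declaring it as `unsigned char t[sizeof(kg_arcfour_l40) + 4];` ties the two sizes together. The same declaration is added in the hunk at -628, and the function body continues outside both hunks.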
@@ -290,18 +297,24 @@
if (code)
goto cleanup_arcfour;
- t[0] = ms_usage &0xff;
- t[1] = (ms_usage>>8) & 0xff;
- t[2] = (ms_usage>>16) & 0xff;
- t[3] = (ms_usage>>24) & 0xff;
+ if (exportable) {
+ memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
+ i += sizeof(kg_arcfour_l40);
+ }
+ t[i++] = ms_usage &0xff;
+ t[i++] = (ms_usage>>8) & 0xff;
+ t[i++] = (ms_usage>>16) & 0xff;
+ t[i++] = (ms_usage>>24) & 0xff;
input.data = (void *) &t;
- input.length = 4;
+ input.length = i;
output.data = (void *) usage_key.contents;
output.length = usage_key.length;
code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
longterm_key, 1, &input, &output);
if (code)
goto cleanup_arcfour;
+ if (exportable)
+ memset(usage_key.contents + 7, 0xab, 9);
input.data = ( void *) kd_data;
input.length = kd_data_len;
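Review bot: `memset(usage_key.contents + 7, 0xab, 9)` writes through byte 15 of a buffer whose size is `longterm_key->length` (set in the previous hunk), and no visible line requires that length to be at least 16. A keyblock tagged ENCTYPE_ARCFOUR_HMAC_EXP with a shorter key would make this a heap overflow, so guard it before the HMAC call: `if (exportable && usage_key.length < 16) { code = KRB5_BAD_KEYSIZE; goto cleanup_arcfour; }`. The literals 7, 9 and 0xab would also read better as named constants with a comment citing the RC4-HMAC specification they are taken from. The identical lines in the hunk at -646 need the same guard, and the function body starts and ends outside this hunk.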
@@ -628,7 +641,9 @@
krb5_data input, output;
krb5int_access kaccess;
krb5_keyblock seq_enc_key, usage_key;
- unsigned char t[4];
+ unsigned char t[14];
+ size_t i = 0;
+ int exportable = (longterm_key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP);
krb5_crypto_iov *kiov = NULL;
size_t kiov_count = 0;
@@ -646,18 +661,24 @@
if (code)
goto cleanup_arcfour;
- t[0] = ms_usage &0xff;
- t[1] = (ms_usage>>8) & 0xff;
- t[2] = (ms_usage>>16) & 0xff;
- t[3] = (ms_usage>>24) & 0xff;
+ if (exportable) {
+ memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
+ i += sizeof(kg_arcfour_l40);
+ }
+ t[i++] = ms_usage &0xff;
+ t[i++] = (ms_usage>>8) & 0xff;
+ t[i++] = (ms_usage>>16) & 0xff;
+ t[i++] = (ms_usage>>24) & 0xff;
input.data = (void *) &t;
- input.length = 4;
+ input.length = i;
output.data = (void *) usage_key.contents;
output.length = usage_key.length;
code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider,
longterm_key, 1, &input, &output);
if (code)
goto cleanup_arcfour;
+ if (exportable)
+ memset(usage_key.contents + 7, 0xab, 9);
input.data = ( void *) kd_data;
input.length = kd_data_len;
Modified: branches/mskrb-integ/src/lib/gssapi/krb5/util_seqnum.c
===================================================================
--- branches/mskrb-integ/src/lib/gssapi/krb5/util_seqnum.c 2008-12-26 23:00:28 UTC (rev 21603)
+++ branches/mskrb-integ/src/lib/gssapi/krb5/util_seqnum.c 2008-12-26 23:54:50 UTC (rev 21604)
@@ -44,7 +44,8 @@
plain[5] = direction;
plain[6] = direction;
plain[7] = direction;
- if (key->enctype == ENCTYPE_ARCFOUR_HMAC ) {
+ if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
/* Yes, Microsoft used big-endian sequence number.*/
plain[0] = (seqnum>>24) & 0xff;
plain[1] = (seqnum>>16) & 0xff;
@@ -76,7 +77,8 @@
krb5_error_code code;
unsigned char plain[8];
- if (key->enctype == ENCTYPE_ARCFOUR_HMAC) {
+ if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
code = kg_arcfour_docrypt (key, 0,
cksum, 8,
buf, 8,
@@ -93,7 +95,8 @@
return((krb5_error_code) KG_BAD_SEQ);
*direction = plain[4];
- if (key->enctype == ENCTYPE_ARCFOUR_HMAC) {
+ if (key->enctype == ENCTYPE_ARCFOUR_HMAC ||
+ key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
*seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24));
} else {
*seqnum = ((plain[0]) |